Is automation the great cybersecurity liberator?

Some are concerned by the prospect of automation threatening the jobs of humans, but it could give skilled professionals the time to defend against cyberattacks more effectively.

It is becoming clear that the future of cybersecurity will involve automation, and it may prove to be an essential move, rather than an initiative just to improve cybersecurity.

At the 2017 Rapid7 UNITED summit, a group of cybersecurity experts were brought together to combine their insights to discuss the future of the industry. It was no surprise that the opening topic was automation.

We have been hearing talk of the benefits of automation cybersecurity for some time, with highly skilled analysts drowning in immeasurable volumes of data, handling endless menial tasks. These valuable skillsets could be applied to dealing with the most complex, insidious problems, while automation takes the weight.

Chris Wysopal, CTO, Veracode, said: “I think it is definitely a piece of the puzzle, everything is getting automated, automation is happening all over the IT industry. IT orchestration is a big thing, it puts the patches out there, the configuration, the provision, security has to do that too, we cannot be a manual process when all of IT is moving so fast.”

“To some degree we have to automate, it is not about whether automation is going to make security better, if we do not automate, security will definitely be worse. I think it is table stakes to automate as much as we can.”

This really accentuates the importance of automation, as it may possibly prove to be vital to stopping us losing our grip on the cybersecurity problem, an essential weapon in the battle.

Chris Nickerson, CEO, Lares Consulting, said: “We are at the same stage as when they were looking for skilled people to build cars in the early nineteen hundreds. There is a really small group of people who can do that, and the only reason we can actually scale to the needs, the demand and to the growth, is through automation.”

“We are still figuring out automation in that game today a hundred plus years later, but we are evolving that automation so that we can fit the scale. I do not think we are dissimilar to that, we are just in the nineteen hundreds, we are not anywhere close to the future.”

Automation raises a great deal of concern across the industries, with forecasts of how many jobs may be lost when it is brought into action. This creates a problematic dynamic when it comes to a widespread implementation of the technology.

Joshua Corman, Director, Cyber Statecraft Initiative, said: “If our posture and attitude is that ‘automation is a threat to our day job’, first of all I think it is short sighted, because I think we should things that anybody can do, to liberate us to do things that only we can do.”

This observation stands as a strong argument against those who would choose to maintain traditional jobs, rather than promote technological development. It can only be advantageous to cybersecurity to unlock the skills of the professionals who are trapped wrestling a problem that automation could be tagged in for.

“Second, when you talk to the machine learning guys and the AI guys, yes of course there are buzz words there, but they have really amazing skills, they just do not know how to use them or where to us them. We know how and where to use them but we do not have their skills, so I think our attitude is our first bottleneck,” said Corman.